Update nb_conda to be compatible with 4.3.1 and higher #48
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… one injects the X-XSRF-Token header.
… one injects the X-XSRFToken header.
|
Thanks for the PR, I will look into it as soon as possible. |
|
Tested locally, working OK. Will fix the tests in a upcoming PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Jupyter notebook blog post about version 4.3.1 introduced a fix for CVE-2016-9971 but in doing so, caused some issues for RESTful interfaces.
When the
nb_condaextension is activated (and tested with Notebook version 4.4.1), actions like installing a package generates a "Forbidden" error dialog and the server log only shows a 403 error on the POST url:[W 00:44:28.973 NotebookApp] 403 POST /conda/environments/root/packages/install (n.n.n.n): '_xsrf' argument missing from POSTSince the code already references the
base/js/utilsmodule, and that module already implements the sample code shown in the blog post, and that module also exports theajaxfunction, the cleanest update is to change all$.ajax(...)calls to justutils.ajax(...)calls. For the modules that did not already require the utils module, I added that in to provide the right ajax call.